Enhancements in Release F.04.08

Configuring RADIUS Authentication and Accounting

3. Configure the Switch’s Global RADIUS Parameters

You can configure the switch for the following global RADIUS parameters:

Number of login attempts: In a given session, specifies how many tries at entering the correct username and password pair are allowed before access is denied and the session terminated. (This is a general aaa authentication parameter and is not specific to RADIUS.)

Global server key: The server key the switch will use for contacts with all RADIUS servers for which there is not a server-specific key configured by radius-server host < ip-address > key < key-string >. This key is optional if you configure a server-specific key for each RADIUS server entered in the switch. (Refer to “2. Configure the Switch To Access a RADIUS Server” on page 109.)

Server timeout: Defines the time period in seconds for authentication attempts. If the timeout period expires before a response is received, the attempt fails.

Server dead time: Specifies the time in minutes during which the switch avoids requesting authentication from a server that has not responded to previous requests.

Retransmit attempts: If the first attempt to contact a RADIUS server fails, specifies how many retries you want the switch to attempt on that server.

Syntax: aaa authentication num-attempts < 1 .. 10 >

Specifies how many tries for entering the correct username and password before shutting down the session due to input errors. (Default: 3; Range: 1 - 10)

[no] radius-server

key < global-key-string >

Specifies the global encryption key the switch uses for sessions with servers for which the switch does not have a server-specific key assignment. This key is optional if all RADIUS server addresses configured in the switch include a server-specific encryption key. (Default: Null.)

dead-time < 1 .. 1440 >

Optional. Specifies the time in minutes during which the switch will not attempt to use a RADIUS server that has not responded to an earlier authentication attempt. (Default: 0; Range: 1 - 1440 minutes)

radius-server timeout < 1 .. 15 >

Specifies the maximum time the switch waits for a response to an authentication request before counting the attempt as a failure. (Default: 3 seconds; Range: 1 - 15 seconds)
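The following audit script is an added example, not part of the original manual or of the switch software. It checks a saved configuration against the ranges listed above and flags any RADIUS server that has neither a server-specific key nor a global key to fall back on. It assumes the saved configuration stores each setting in the same form as the commands shown on this page; the function name, addresses and key strings are constructed for illustration.

```python
import re

# Ranges as documented on this page for the global parameters.
RANGES = {
    "aaa authentication num-attempts": (1, 10),
    "radius-server dead-time": (1, 1440),
    "radius-server timeout": (1, 15),
}

# Constructed sample configuration (not taken from a real switch).
SAMPLE_CONFIG = """\
aaa authentication num-attempts 12
radius-server host 10.0.0.10 key ExampleServerKey
radius-server host 10.0.0.11
radius-server dead-time 5
radius-server timeout 20
"""

def audit_radius_config(text):
    """Return a list of findings for the global RADIUS settings in `text`."""
    findings = []
    global_key = False
    hosts_without_key = []
    for raw in text.splitlines():
        line = raw.strip()
        m = re.fullmatch(r"radius-server host (\S+)(?: key (\S+))?", line)
        if m:
            if m.group(2) is None:
                hosts_without_key.append(m.group(1))
            continue
        if re.fullmatch(r"radius-server key \S+", line):
            global_key = True
            continue
        for cmd, (lo, hi) in RANGES.items():
            m = re.fullmatch(re.escape(cmd) + r" (\d+)", line)
            if m and not lo <= int(m.group(1)) <= hi:
                findings.append(f"{cmd} {m.group(1)} outside {lo}-{hi}")
    # A host with no server-specific key falls back to the global key,
    # so a missing global key leaves that host without any key.
    if not global_key:
        findings += [f"host {h} has no key and no global key is set"
                     for h in hosts_without_key]
    return findings

if __name__ == "__main__":
    for finding in audit_radius_config(SAMPLE_CONFIG):
        print(finding)
```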
